CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2031 matches found

Tenable Nessus•added 2026/05/28 12:0 a.m.•11 views

Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4604-1 [email protected]...

8.1CVSS6AI score0.0066EPSS

Exploits1References20

Tenable Nessus•added 2026/05/28 12:0 a.m.•9 views

Debian dsa-6301 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected]...

8.1CVSS5.7AI score0.0066EPSS

Exploits1References19

Positive Technologies•added 2026/05/28 12:0 a.m.•10 views

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

4.7CVSS5.8AI score

Exploits0References6

Debian•added 2026/05/27 9:1 p.m.•18 views

[SECURITY] [DSA 6301-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...

8.1CVSS5.9AI score0.0066EPSS

Exploits1

SUSE CVE•added 2026/05/27 10:57 a.m.•8 views

SUSE CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

6.5CVSS5.8AI score0.0031EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•19 views

SUSE CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.0066EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•7 views

SUSE CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00292EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•8 views

SUSE CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00372EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•7 views

SUSE CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00284EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•11 views

SUSE CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00304EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•8 views

SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00404EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•8 views

SUSE CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00339EPSS

Exploits0References3

SUSE CVE•added 2026/05/27 10:56 a.m.•10 views

SUSE CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4CVSS5.8AI score0.00195EPSS

Exploits1References3

OSV•added 2026/05/27 12:0 a.m.•6 views

OPENSUSE-SU-2026:10869-1 roundcubemail-1.6.16-2.1 on GA media

These are all security issues fixed in the roundcubemail-1.6.16-2.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.0066EPSS

Exploits1References8

Tenable Nessus•added 2026/05/27 12:0 a.m.•35 views

Linux Distros Unpatched Vulnerability : CVE-2026-48848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG...

7.2CVSS5.8AI score0.00339EPSS

Exploits0References2

Tenable Nessus•added 2026/05/27 12:0 a.m.•51 views

Linux Distros Unpatched Vulnerability : CVE-2026-48843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may le...

7.2CVSS5.8AI score0.0031EPSS

Exploits0References2